You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@syncope.apache.org by "Wyllys Ingersoll (JIRA)" <ji...@apache.org> on 2018/09/27 16:48:00 UTC

[jira] [Created] (SYNCOPE-1376) swagger-ui server URL incorrect behind ssl reverse proxy

Wyllys Ingersoll created SYNCOPE-1376:
-----------------------------------------

             Summary: swagger-ui server URL incorrect behind ssl reverse proxy
                 Key: SYNCOPE-1376
                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1376
             Project: Syncope
          Issue Type: Bug
          Components: documentation
    Affects Versions: 2.1.1
            Reporter: Wyllys Ingersoll


Im running syncope-core in a container behind an nginx ingress controller.  The browser client hits the ingress URL as HTTPS, which then proxies to the backend syncope service as HTTP.

When accessing swagger-ui, the server URL that it generates for API testing is HTTP and not HTTPS, so it is not possible to exercise the APIs ("try it out") because that URL is hardcoded and cannot be overwritten.

Here is the snippet from the openapi.json to illustrate the problem:

 
{noformat}
{
"openapi" : "3.0.1",
"info" : {
"title" : "Apache Syncope",
"description" : "Apache Syncope 2.1.2-SNAPSHOT",
"contact" : {
"name" : "The Apache Syncope community",
"url" : "http://syncope.apache.org",
"email" : "dev@syncope.apache.org"
},
"license" : {
"name" : "Apache 2.0 License",
"url" : "http://www.apache.org/licenses/LICENSE-2.0.html"
},
"version" : "2.1.2-SNAPSHOT"
},
"servers" : [ {
"url" : "http://proxyserver:443/syncope/rest"
         ^^^^^
  !! THIS IS THE PROBLEM !!
} ],
"paths" : {
"/accessTokens/refresh" : {
...
 
{noformat}
 

I hit the proxy with the url "https://proxy:443/syncope/swagger", but the server URL generated by syncope (or swagger-ui) ignores the "HTTPS" and assumes HTTP.

I can view all of the API docs, but cannot test them via the UI due to the server URL being hardcoded.  I cannot see how to override or pre-configure the URL in this environment.

 

 

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: [jira] [Created] (SYNCOPE-1376) swagger-ui server URL incorrect behind ssl reverse proxy

Posted by Dave Varon <va...@gmail.com>.

I had this same (or similar) problem using Apache HTTPD, where swagger
would always amend the url with  `/:-1` (slash colon negative 1!).  I fixed
it with this mod_rewrite rule which just strips out the erroneous bit for
the redirect

RewriteRule ^/:-1(/.+) https://%{HTTP_HOST}$1 [R,L]



Perhaps there is a similar config for nginx?

My original thread: https://markmail.org/message/lhvbrzzttm6f3fir


hth,
Dave Varon
Creator of YADA <https://github.com/Novartis/YADA>
https://github.com/Novartis/YADA



On Thu, Sep 27, 2018 at 12:48 PM Wyllys Ingersoll (JIRA) <ji...@apache.org>
wrote:

> Wyllys Ingersoll created SYNCOPE-1376:
> -----------------------------------------
>
>              Summary: swagger-ui server URL incorrect behind ssl reverse
> proxy
>                  Key: SYNCOPE-1376
>                  URL: https://issues.apache.org/jira/browse/SYNCOPE-1376
>              Project: Syncope
>           Issue Type: Bug
>           Components: documentation
>     Affects Versions: 2.1.1
>             Reporter: Wyllys Ingersoll
>
>
> Im running syncope-core in a container behind an nginx ingress
> controller.  The browser client hits the ingress URL as HTTPS, which then
> proxies to the backend syncope service as HTTP.
>
> When accessing swagger-ui, the server URL that it generates for API
> testing is HTTP and not HTTPS, so it is not possible to exercise the APIs
> ("try it out") because that URL is hardcoded and cannot be overwritten.
>
> Here is the snippet from the openapi.json to illustrate the problem:
>
>
> {noformat}
> {
> "openapi" : "3.0.1",
> "info" : {
> "title" : "Apache Syncope",
> "description" : "Apache Syncope 2.1.2-SNAPSHOT",
> "contact" : {
> "name" : "The Apache Syncope community",
> "url" : "http://syncope.apache.org",
> "email" : "dev@syncope.apache.org"
> },
> "license" : {
> "name" : "Apache 2.0 License",
> "url" : "http://www.apache.org/licenses/LICENSE-2.0.html"
> },
> "version" : "2.1.2-SNAPSHOT"
> },
> "servers" : [ {
> "url" : "http://proxyserver:443/syncope/rest"
>          ^^^^^
>   !! THIS IS THE PROBLEM !!
> } ],
> "paths" : {
> "/accessTokens/refresh" : {
> ...
>
> {noformat}
>
>
> I hit the proxy with the url "https://proxy:443/syncope/swagger", but the
> server URL generated by syncope (or swagger-ui) ignores the "HTTPS" and
> assumes HTTP.
>
> I can view all of the API docs, but cannot test them via the UI due to the
> server URL being hardcoded.  I cannot see how to override or pre-configure
> the URL in this environment.
>
>
>
>
>
>
>
>
>
> --
> This message was sent by Atlassian JIRA
> (v7.6.3#76005)
>